WiredWX Hobby Weather Tools

 


Laptop connected to internet but will only browse in safe mode

Hi,
I have a Dell Vostro 1510 Laptop running on XP Professional with IE and Firefox. I had it for maybe a month and it stopped connecting to the internet so I just opted to use my personal laptop instead. It's been a while and having this thing sitting around doing nothing seems pointless so I'm trying to get it up and running again.
I am connected to the internet but cannot browse except for in safe mode. I have scanned with AVG, MalwareBytes and Ad-aware. None of them have found anything. I've fixed a couple of friends' PCs with the same problem, but the cause was always some sort of malware which I easily removed. I'm going nuts trying to figure this out.
I tried downloading the most recent versions of Java and Adobe Reader as is said in the "Read This Before Posting" topic; unfortunately I get a message that says the Administrator has set policies to prevent this installation, but I am the administrator.

I'm sorry if this is in the wrong forum; I just figured it had to be some sort of malware problem or something.
Any help is much appreciated. Thank you very much.

I was able to download HijackThis so here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:35 PM, on 2/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\brandon\My Documents\Downloads\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080716
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7598 bytes

Re: Laptop connected to internet but will only browse in safe mode
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Laptop connected to internet but will only browse in safe mode
Sorry it's taken me so long to get back. This is the first chance I've had all day to get online.
Here's the ComboFix report:

ComboFix 10-02-12.01 - Jason 02/15/2010 22:43:39.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1766 [GMT -7]
Running from: c:\documents and settings\brandon\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-16 05:13 . 2010-02-16 05:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-14 22:55 . 2010-02-14 22:55 0 ----a-w- c:\windows\nsreg.dat
2010-02-14 22:55 . 2010-02-14 22:55 -------- d-----w- c:\documents and settings\brandon\Local Settings\Application Data\Mozilla
2010-02-14 22:43 . 2010-02-14 22:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-14 09:33 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-02-14 09:33 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-02-14 09:33 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-02-14 09:33 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-02-14 09:33 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2010-02-14 09:33 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-14 09:33 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-02-14 09:33 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-02-14 09:33 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-14 09:32 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-14 09:32 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-14 09:30 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-02-14 09:30 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-02-14 09:30 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-14 09:05 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-02-14 09:05 . 2010-01-05 10:00 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-02-14 09:05 . 2010-01-05 10:00 17408 ------w- c:\windows\system32\dllcache\corpol.dll
2010-02-14 09:05 . 2009-09-11 14:18 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2010-02-14 09:05 . 2009-06-25 08:25 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2010-02-14 09:05 . 2009-06-25 08:25 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2010-02-14 09:05 . 2009-06-25 08:25 147456 ------w- c:\windows\system32\dllcache\schannel.dll
2010-02-14 09:05 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-02-14 09:05 . 2009-06-25 08:25 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2010-02-14 09:05 . 2009-06-24 11:18 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2010-02-14 08:59 . 2010-02-14 08:09 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-02-14 08:59 . 2010-02-14 08:09 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-02-14 08:59 . 2010-02-14 08:09 12464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsstx.dll
2010-02-14 08:59 . 2010-02-14 08:09 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-02-14 08:59 . 2010-02-14 08:08 503576 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
2010-02-14 08:39 . 2009-11-25 20:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-14 08:09 . 2010-02-14 08:41 -------- d-----w- C:\$AVG
2010-02-14 08:09 . 2010-02-14 08:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-14 08:09 . 2010-02-14 08:59 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-14 08:09 . 2010-02-14 08:59 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-14 08:09 . 2010-02-14 08:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-14 08:09 . 2010-02-14 08:59 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-14 08:09 . 2010-02-14 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-14 08:08 . 2010-02-14 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-14 07:20 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 07:20 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 06:53 . 2010-02-14 06:53 -------- d-----w- c:\program files\microsoft frontpage
2010-02-14 06:52 . 2010-02-14 23:49 -------- d-----w- c:\program files\Lexmark 3500-4500 Series
2010-02-14 06:31 . 2010-02-14 06:52 -------- d-----w- c:\windows\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 05:13 . 2008-07-16 20:13 -------- d-----w- c:\program files\Microsoft Works
2010-02-15 00:12 . 2008-07-29 18:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-15 00:07 . 2008-07-16 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-14 23:48 . 2008-08-23 16:49 -------- d-----w- c:\program files\FinePixViewer
2010-02-14 23:48 . 2008-08-23 19:12 -------- d-----w- c:\program files\Lexmark Fax Solutions
2010-02-14 08:42 . 2008-08-23 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-14 08:09 . 2008-08-23 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-14 08:08 . 2008-08-23 23:20 -------- d-----w- c:\program files\AVG
2010-02-14 07:20 . 2009-09-26 01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 07:12 . 2008-08-25 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-02-14 06:59 . 2009-09-26 02:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-14 06:59 . 2009-09-26 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-05 10:00 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-11 22:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-11 22:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2004-08-11 22:11 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-11 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 03:01 . 2008-07-16 20:23 25760 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 18:22 . 2004-08-11 22:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-11 22:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 05:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-11 22:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-11 22:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-11 22:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 05:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-08-11 22:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 20:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-27 888832]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"nwiz"="nwiz.exe" [2008-03-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-04 86016]
"NVHotkey"="nvHotkey.dll" [2008-03-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-04 13508608]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-8-23 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-14 08:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\lxdicfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgui.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\lsupdatemanager.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/14/2010 1:09 AM 360584]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [7/16/2008 12:45 PM 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [7/16/2008 12:45 PM 43480]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/14/2010 1:09 AM 333192]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/14/2010 1:59 AM 285392]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [8/23/2008 12:13 PM 99248]
.
Contents of the 'Scheduled Tasks' folder

2008-08-21 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\www.update
Trusted Zone: yahoo.com\www
FF - ProfilePath - c:\documents and settings\brandon\Application Data\Mozilla\Firefox\Profiles\t8zvi3tf.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-02-15 22:47:15
ComboFix-quarantined-files.txt 2010-02-16 05:47

Pre-Run: 141,118,468,096 bytes free
Post-Run: 141,685,981,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /safeboot:network

- - End Of File - - 1782B2A30EB4E2835821E037AE425ACE

Re: Laptop connected to internet but will only browse in safe mode
Please use Internet Explorer and run a BitDefender Online scan

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

Re: Laptop connected to internet but will only browse in safe mode
Here's my BitDefender log:

BitDefender QuickScan Beta 32-bit v0.9.9.0
------------------------------------------

Scan date: Tue Feb 16 18:05:02 2010
Machine ID: AC6BC6B2

Process winlogon.exe (536) - Trojan.Generic.1423603


No infection found.
---------------------


Processes
---------
Firefox 1196 C:\Program Files\Mozilla Firefox\firefox.exe

Ad-Aware Service 1228 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
AVG Internet Security 948 C:\Program Files\AVG\AVG9\avgchsvx.exe
Microsoft®️ Windows®️ Operating System 1832 C:\WINDOWS\Explorer.EXE
Microsoft®️ Windows®️ Operating System 512 C:\WINDOWS\system32\csrss.exe
Microsoft®️ Windows®️ Operating System 592 C:\WINDOWS\system32\lsass.exe
Microsoft®️ Windows®️ Operating System 580 C:\WINDOWS\system32\services.exe
Microsoft®️ Windows®️ Operating System 456 C:\WINDOWS\System32\smss.exe
Microsoft®️ Windows®️ Operating System 752 C:\WINDOWS\system32\svchost.exe
Microsoft®️ Windows®️ Operating System 800 C:\WINDOWS\system32\svchost.exe
Microsoft®️ Windows®️ Operating System 900 C:\WINDOWS\system32\svchost.exe
Microsoft®️ Windows®️ Operating System 916 C:\WINDOWS\system32\svchost.exe
Microsoft®️ Windows®️ Operating System 996 C:\WINDOWS\system32\svchost.exe
Microsoft®️ Windows®️ Operating System 536 C:\WINDOWS\system32\winlogon.exe


Network activity
----------------
Process firefox.exe (1196) connected on port 80 (HTTP) - a184-50-8-100.deploy.akamaitechnologies.com
Process firefox.exe (1196) connected on port 80 (HTTP) - 75.126.156.51-static.reverse.softlayer.com
Process firefox.exe (1196) connected on port 80 (HTTP) - a184-50-5-115.deploy.akamaitechnologies.com
Process firefox.exe (1196) connected on port 80 (HTTP) - dc2.122.2o7.net
Process firefox.exe (1196) connected on port 80 (HTTP) - lax04s01-in-f100.1e100.net

Process svchost.exe (800) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
C:\Dell\E-Center\EULALauncher.exe
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
Dell Wireless WLAN Card Wireless Network Tray Appl C:\WINDOWS\system32\WLTRAY.exe
Lexmark Imaging Studio C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
NVIDIA Hotkey Service, Version 174.31 C:\WINDOWS\system32\nvHotkey.dll
nwiz.exe C:\WINDOWS\system32\nwiz.exe
Registry Shaver C:\Program Files\REGSHAVE\REGSHAVE.EXE

Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
Alps Pointing-device Driver C:\Program Files\DellTPad\Apoint.exe
AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll
Cyberlink PowerDVD C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
Device Monitor C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
Java(TM) Platform SE 6 U7 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\browseui.dll
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\logonui.exe
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\shell32.dll
Microsoft®️ Windows®️ Operating System c:\windows\system32\stobject.dll
Microsoft®️ Windows®️ Operating System c:\windows\system32\userinit.exe
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\wlnotify.dll
Microsoft®️ Windows®️ Operating System c:\windows\system32\wpdshserviceobj.dll
NVIDIA Compatible Windows 2000 Display driver, Ver C:\WINDOWS\system32\NvCpl.dll
NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
Software Manager C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Watson Subscriber for SENS Network Notifications C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
Windows®️ Internet Explorer c:\windows\system32\webcheck.dll


Browser plugins
---------------
Browser Address Error Redirector c:\program files\dell\bae\bae.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
AVG Internet Security c:\program files\avg\avg9\avgssie.dll
AVG Security Toolbar c:\program files\avg\avg9\toolbar\ietoolbar.dll
BitDefender QuickScan C:\Documents and Settings\brandon\Application Data\Mozilla\Firefox\Profiles/t8zvi3tf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
BitDefender QuickScan C:\Documents and Settings\brandon\Application Data\Mozilla\Firefox\Profiles/t8zvi3tf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Google Toolbar for IE c:\program files\google\googletoolbar2.dll
GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
Java(TM) Platform SE 6 U7 c:\program files\java\jre1.6.0_07\bin\ssv.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft®️ Windows®️ Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\nwprovau.dll
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft®️ Windows®️ Operating System C:\WINDOWS\system32\winrnr.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll
Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
Windows®️ Internet Explorer C:\WINDOWS\system32\ieframe.dll


Scan
----

No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.03 MB sent, 2.25 KB recvd
Scanned 727 files and modules - 35 seconds

Re: Laptop connected to internet but will only browse in safe mode
Please answer the following questions:

What happens in Normal Mode?
If you open up Internet Explorer in Normal Mode, what are you seeing?
Is there any particular page getting opened up in Normal Mode?

Re: Laptop connected to internet but will only browse in safe mode
In normal mode everything is fine except that something with Roxio is trying to install, the device monitor application has an error as soon as it boots up and I can't browse anything. My internet is connected, great signal and everything. I've even tried plugging directly into the internet.

When I open Internet Explorer or Firefox it tells me that it is unable to connect; it cannot establish a connection to the server.
I can't get anything to work. Yahoo, google, GeekPolice, myspace, facebook, ebay; none of them open.

I cannot get AVG, Malwarebytes or Ad-Aware to update while in normal mode, but it seems that something must be updating since the computer is telling me that the updates are ready to install.


EDIT: And just recently this Windows Genuine Advantage thing has been popping up. Never had that happen on any computer before. My parents got this thing from the company they were working with, so everything is legit. Could this be related to the other problems?
The company "downgraded" to XP since the laptop originally had Vista, but that message has never popped up until recently. It started a couple days ago... which was about a day after I booted it up to see if the internet worked in safe mode.

Last edited by merydethj on 17th February 2010, 2:50 am; edited 1 time in total (Reason for editing : Needed to add something.)

Re: Laptop connected to internet but will only browse in safe mode
Please navigate to this webpage: http://support.microsoft.com/kb/313222, see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer that were damaged by malware or other harmful system changes. Install the file after download.

==

Please download F-Secure's Blacklight from F-Secure.com

  • Save it to your Desktop
  • Double-click fsbl.exe then accept the agreement.
  • Click > Scan, then > Next.
  • You'll see a list of all items found.
  • Don't choose to rename yet! I want to see the log first, because legit items can also be present there...
  • There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers)
  • Post the contents of the log in your next reply.


==

Please download Cheetah-Anti-Rogue, and save to your Desktop.
Alternate link
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


==

Please make sure both logs are posted in your next reply. Also, please tell me how your computer is running.

Re: Laptop connected to internet but will only browse in safe mode
Thanks for the Microsoft Fix it link, but the computer won't let me download it. It says that the administrator has policies that prevent this file from being downloaded. I'm in the admin account so I have no idea what its problem is. I think it just hates me.

Here are the scan logs:
BLACKLIGHT:
02/16/10 22:11:09 [Info]: BlackLight Engine 2.2.1092 initialized
02/16/10 22:11:09 [Info]: OS: 5.1 build 2600 (Service Pack 3)
02/16/10 22:11:09 [Note]: 7019 4
02/16/10 22:11:09 [Note]: 7005 0
02/16/10 22:11:30 [Note]: 7006 0
02/16/10 22:11:30 [Note]: 7011 1796
02/16/10 22:11:30 [Note]: 7035 0
02/16/10 22:11:30 [Note]: 7026 0
02/16/10 22:11:31 [Note]: 7026 0
02/16/10 22:11:33 [Note]: FSRAW library version 1.7.1024
02/16/10 22:21:40 [Note]: 7007 0


CHEETAH:
Cheetah-Anti-Rogue v1.3.1
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 02/16/2010 - Time: 22:21:55 - Arch.: x86


-- Malware removal tools check --
Malwarebytes' Anti-Malware


-- Known infection --



Extra message: Detection only.


EOF

Re: Laptop connected to internet but will only browse in safe mode
Sad part is, the Microsoft Fix-it tool was to fix the security, so you would have permission for everything else.

We will have to fix that manually. Good job so far.

Need this quick check, then we can move on to the next part.

We Need to Diagnose a Possible Problem with WGA
  1. Please download MGADiag and save it to your desktop.
  2. Double-click the MGADiag icon on your desktop.
  3. Push the Continue button.
  4. Push the Copy button.
  5. Go to Start -> Run and type in "Notepad"
  6. Go to Edit -> Paste in notepad.
  7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  8. Copy and paste that log here.

Re: Laptop connected to internet but will only browse in safe mode
Well, now it will not turn on. I think maybe it's the power button, but I can't find out until I get home since I have no tools at work.
It did this yesterday and I thought it was because the battery died so I plugged it in and about 10 minutes later it worked.
So I got to work today, plugged it in to charge and left it for an hour or so, but it won't turn on. Sometimes the blue light on the power button comes on when I push it and sometimes it doesn't, but the laptop isn't even trying to kick on.
I'll keep trying to get it to work so I can do that scan but it may take a while.

EDIT: About 2 seconds after I sent that reply I unplugged it, tried that... plugged it back in and tried again... It's on now. I'm telling you this thing just hates me. :)
I'll get to that scan now.

Last edited by merydethj on 18th February 2010, 12:42 am; edited 1 time in total (Reason for editing : Computer is on now)

Re: Laptop connected to internet but will only browse in safe mode
Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-*****-*****-*****
Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
Windows Product ID: 76487-OEM-2211906-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {D0C614B3-A080-478C-A4D5-B76C2D3B49A2}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Basic 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: ~[Filtered]~

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 83DA:Dell Inc|83DA:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
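Step 7 of the MGADiag procedure (x out the product key) and a first read of a report like the one above can both be scripted. This is an added example, not part of the original thread or of MGADiag: the function names and the sample report are constructed, and it assumes only the `Name-->` section headers and `Field: value` lines visible in the posted report.

```python
import re

# Constructed sample in the layout of an MGADiag report; every value is a placeholder.
SAMPLE_REPORT = """\
Diagnostic Report (1.9.0019.0):
WGA Data-->
Validation Status: Genuine
Windows Product Key: ABCDE-FGHIJ-KLMNO-PQRST-UVWXY
Windows Product Key Hash: PLACEHOLDERHASH=

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
WgaTray.exe Signed By: N/A, hr = 0x80070002
"""

KEY_LINE = re.compile(r"^(\s*Windows Product Key:\s*)(.*)$", re.IGNORECASE)
SECTION = re.compile(r"^(.+?)-->\s*$")
HRESULT = re.compile(r"hr = (0x[0-9A-Fa-f]{8})")
# 0x80070002 is the HRESULT form of Win32 ERROR_FILE_NOT_FOUND.
KNOWN_HRESULTS = {"0x80070002": "file not found"}


def redact_product_key(report: str) -> str:
    """X out every letter and digit on the 'Windows Product Key:' line only."""
    out = []
    for line in report.splitlines():
        if (m := KEY_LINE.match(line)):
            line = m.group(1) + re.sub(r"[A-Za-z0-9]", "X", m.group(2))
        out.append(line)
    return "\n".join(out) + "\n"


def parse_sections(report: str) -> dict:
    """Group 'Field: value' lines under their 'Name-->' section header."""
    sections, current = {}, None
    for line in report.splitlines():
        head = SECTION.match(line)
        if head:
            current = sections.setdefault(head.group(1).strip(), {})
        elif current is not None and ":" in line:
            field, value = line.split(":", 1)
            current[field.strip()] = value.strip()
    return sections


def failed_lookups(sections: dict) -> list:
    """List (section, field, meaning) for values carrying a failure HRESULT."""
    hits = []
    for name, fields in sections.items():
        for field, value in fields.items():
            if (m := HRESULT.search(value)):
                hits.append((name, field, KNOWN_HRESULTS.get(m.group(1).lower(), m.group(1))))
    return hits
```

Run `redact_product_key` on the pasted report before posting it; `failed_lookups` then shows which components the tool could not find on disk, which is what the `N/A, hr = 0x80070002` entries mean.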

Re: Laptop connected to internet but will only browse in safe mode
Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it. Say Yes.

WhoCrashed will create a report, but you have to scroll down to see it.
Copy and paste it into your next reply.

Re: Laptop connected to internet but will only browse in safe mode
Sorry, I've been off for the last couple of days. Been feeling a bit under the weather.

WhoCrashed didn't ask me to download the Debugger, but here's the report:

Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Re: Laptop connected to internet but will only browse in safe mode
Hello. We need to do some diagnostics.

1. Please download Rooter and Save it to your desktop
  • Double click it to start the tool.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

2. Download LockSearch to your desktop
  • A window will pop up. Press 2 and then Enter. A scan will start; let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished. It will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.

3. Please download CKScanner by askey127 from here
Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Please download Cheetah-Anti-Rogue, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.

5. I request the following logs to be posted in your next reply, please:
-Rooter
-LockSearch
-CKScanner
-Cheetah

Thanks. :)
